41 
−  Adds the interface that received the ARP reply to the short static ARP entry. 
−  Uses the resolved short static ARP entry to forward IP packets. 
To communicate with a host by using a fixed IP-to-MAC mapping, configure a short static ARP entry 
on the device. To communicate with a host by using a fixed IP-to-MAC mapping through an interface 
in a VLAN, configure a long static ARP entry on the device. 
Gratuitous ARP 
In a gratuitous ARP packet, the sender IP address and the target IP address are the IP address of 
the sending device. 
A device sends a gratuitous ARP packet for either of the following purposes: 
•  Determine whether its IP address is already used by another device. If the IP address is already 
used, the device is informed of the conflict by an ARP reply. 
•  Inform other devices of a MAC address change. 
Gratuitous ARP packet learning 
This functionfeature enables a device to create or update ARP entries by using the sender IP and 
MAC addresses in received gratuitous ARP packets.  
When this feature is disabled, the device uses received gratuitous ARP packets to update existing 
ARP entries only. ARP entries are not created based on the received gratuitous ARP packets, which 
saves ARP table space. 
Periodic sending of gratuitous ARP packets 
Enabling periodic sending of gratuitous ARP packets helps downstream devices update ARP entries 
or MAC entries in a timely manner. 
This feature can implement the following functions: 
•  Prevent gateway spoofing. 
Gateway spoofing occurs when an attacker uses the gateway address to send gratuitous ARP 
packets to the hosts on a network. The traffic destined for the gateway from the hosts is sent to 
the attacker instead. As a result, the hosts cannot access the external network. 
To prevent such gateway spoofing attacks, you can enable the gateway to send gratuitous ARP 
packets at intervals. Gratuitous ARP packets contain the primary IP address and manually 
configured secondary IP addresses of the gateway, so hosts can learn correct gateway 
information. 
•  Prevent ARP entries from aging out. 
If network traffic is heavy or if the host CPU usage is high, received ARP packets can be 
discarded or are not promptly processed. Eventually, the dynamic ARP entries on the receiving 
host age out. The traffic between the host and the corresponding devices is interrupted until the 
host re-creates the ARP entries. 
To prevent this problem, you can enable the gateway to send gratuitous ARP packets 
periodically. Gratuitous ARP packets contain the primary IP address and manually configured 
secondary IP addresses of the gateway, so the receiving hosts can update ARP entries in a 
timely manner. 
ARP attack protection 
ARP attacks and viruses threaten LAN security. Although ARP is easy to implement, it does not 
provide a security mechanism and is vulnerable to network attacks. Multiple features are used to 
detect and prevent ARP attacks.  
•  The gateway supports the following features: 
{  ARP blackhole routing.